*Contents are provided by the authors of the articles. Please contact us if you have any queries.

Vikas Rao Vadi
Year of Publication: 2012, Month: April
Computer Sci. & Engg.
Under Guidance of: Dr. Ritesh Khanna


Information security in an organization can be regarded as a management opportunity and should become an integral part of the whole management activity of the organization. Obtaining commitment from management is therefore extremely important for effective information security. One way in which management can show their commitment to ensuring information security is to adopt and enforce a security policy. A security policy ensures that people understand exactly what important role they play in securing information assets. The responsibility for ensuring information security therefore lies not only with technical staff, end-user staff and other members of staff; a great deal of responsibility also lies with management (Owens, 1998, p 7). It must, however, be understood that the information security process is not a once-off exercise but an ongoing activity, because if security is well managed, it should be a business enabler. Therefore, besides management commitment, it is essential that a structured approach, based upon an organization’s specific security needs, is used to provide the most effective way of achieving information security (Royds, 2000, p 2). Such a structured approach can take the form of an Information Security Management System (ISMS), because, as with the proper management of anything, it is important that a management system is established (Boddington & Hill, 1998, p 6). Since information security is regarded as all the aspects related to defining, achieving and maintaining security (ISO/IEC TR 13335-1, 1996, p 1), the process of information security management intends to achieve and maintain appropriate levels of confidentiality, integrity, availability, accountability, authenticity and reliability of information (ISO/IEC TR 13335-2, 1996, p 1).